mirror of
https://github.com/RGBCube/ncc
synced 2025-07-29 19:17:45 +00:00
Set up restic on all hosts
parent
f5da41b495
commit
fefb810d97
15 changed files with 100 additions and 82 deletions
|
@ -15,6 +15,12 @@
|
|||
openssh.authorizedKeys.keys = [ keys.enka ];
|
||||
hashedPasswordFile = config.secrets.rgbPassword.path;
|
||||
};
|
||||
|
||||
backup = normalUser {
|
||||
description = "Backup";
|
||||
openssh.authorizedKeys.keys = keys.all;
|
||||
hashedPasswordFile = config.secrets.rgbPassword.path;
|
||||
};
|
||||
};
|
||||
|
||||
services.openssh = {
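Review bot: The new `backup` account is declared with `normalUser`, accepts every key in `keys.all`, and reuses `config.secrets.rgbPassword.path` as its `hashedPasswordFile`, so it is an interactive login that shares the primary user's password rather than a transfer-only account. If it exists only as an SFTP target for restic, as the removed `sftp:backup@disk:...` repository string suggests, drop the password line and confine the account through `services.openssh.extraConfig`, for example `Match User backup` followed by `ForceCommand internal-sftp`. The same pattern appears in the later hunks that use `config.secrets.floppyPassword.path` (where the key list is also widened from `[ keys.cube keys.enka ]` to `keys.all`) and `config.secrets.sevenPassword.path`. Plain SFTP access also lets any accepted key delete or rewrite another host's repository, so check that `keys.all` holds only the keys that need to push backups. The surrounding `users.users` set starts outside the hunk.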
|
||||
|
|
|
@ -24,6 +24,10 @@ in systemConfiguration {
|
|||
}];
|
||||
};
|
||||
|
||||
services.restic.backups = genAttrs config.resticHosts (_: {
|
||||
paths = [ "/var/lib/gitea-runner" "/var/lib/forgejo" ];
|
||||
});
|
||||
|
||||
users.groups.gitea-runner = {};
|
||||
users.users.gitea-runner = systemUser {
|
||||
extraGroups = [ "docker" ];
|
||||
|
|
|
@ -24,6 +24,10 @@ in systemConfiguration {
|
|||
}];
|
||||
};
|
||||
|
||||
services.restic.backups = genAttrs config.resticHosts (_: {
|
||||
paths = [ "/var/lib/grafana" ];
|
||||
});
|
||||
|
||||
systemd.services.grafana = {
|
||||
after = [ "postgresql.service" ];
|
||||
requires = [ "postgresql.service" ];
|
||||
|
|
|
@ -59,6 +59,10 @@ in serverSystemConfiguration {
|
|||
];
|
||||
};
|
||||
|
||||
services.restic.backups = genAttrs config.resticHosts (_: {
|
||||
paths = [ "/var/lib/matrix-synapse" "/var/lib/matrix-sliding-sync" ];
|
||||
});
|
||||
|
||||
services.matrix-synapse = enabled {
|
||||
withJemalloc = true;
|
||||
|
||||
|
|
|
@ -32,6 +32,10 @@ in systemConfiguration {
|
|||
}];
|
||||
};
|
||||
|
||||
services.restic.backups = genAttrs config.resticHosts (_: {
|
||||
paths = [ "/var/lib/nextcloud" ];
|
||||
});
|
||||
|
||||
systemd.services.nextcloud-setup = {
|
||||
after = [ "postgresql.service" ];
|
||||
requires = [ "postgresql.service" ];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, pkgs, ... }: with lib; merge
|
||||
{ config, lib, pkgs, ... }: with lib; merge
|
||||
|
||||
(systemConfiguration {
|
||||
services.prometheus.exporters.postgres = enabled {
|
||||
|
@ -6,6 +6,20 @@
|
|||
runAsLocalSuperUser = true;
|
||||
};
|
||||
|
||||
services.restic.backups = genAttrs config.resticHosts (_: {
|
||||
paths = [ "/tmp/postgresql-dump.sql.gz" ];
|
||||
|
||||
backupPrepareCommand = ''
|
||||
${config.services.postgresql.package}/bin/pg_dumpall --clean \
|
||||
| ${lib.getExe pkgs.gzip} --rsyncable \
|
||||
> /tmp/postgresql-dump.sql.gz
|
||||
'';
|
||||
|
||||
backupCleanupCommand = ''
|
||||
rm /tmp/postgresql-dump.sql.gz
|
||||
'';
|
||||
});
|
||||
|
||||
services.postgresql = enabled {
|
||||
package = pkgs.postgresql_14;
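Review bot: The pipeline in `backupPrepareCommand` runs without `set -o pipefail`, so a failing `pg_dumpall` still leaves a valid gzip file and the job backs up an empty or truncated dump without reporting an error. Add `set -o pipefail` and `umask 077` as the first lines of the script; the dump contains every database plus the role definitions, and it is written to the fixed path `/tmp/postgresql-dump.sql.gz` with the default umask. Unless the generated units run with `PrivateTmp`, which this hunk does not show, that file may be readable by other local users while the backup runs. Since `genAttrs config.resticHosts` creates one job per host and all of them share the path, one job's `rm` can then remove the dump while another is still reading it. A root-only directory for the dump and `rm -f` in `backupCleanupCommand` would cover both cases.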
|
||||
|
||||
|
|
|
@ -1,44 +0,0 @@
|
|||
{ config, lib, pkgs, ... }: with lib;
|
||||
|
||||
systemConfiguration {
|
||||
secrets.resticPassword.file = ./password.age;
|
||||
|
||||
services.restic.backups.disk = {
|
||||
repository = "sftp:backup@disk:${config.networking.hostName}-backup";
|
||||
passwordFile = config.secrets.resticPassword.path;
|
||||
initialize = true;
|
||||
|
||||
pruneOpts = [
|
||||
"--keep-daily unlimited"
|
||||
"--keep-weekly unlimited"
|
||||
"--keep-monthly 6"
|
||||
"--keep-yearly 12"
|
||||
];
|
||||
|
||||
timerConfig = {
|
||||
OnCalendar = "daily";
|
||||
Persistent = true;
|
||||
};
|
||||
|
||||
paths = [
|
||||
"/tmp/postgresql-dump.sql.gz"
|
||||
] ++ map (dir: "/var/lib/${dir}") [
|
||||
"forgejo"
|
||||
"gitea-runner"
|
||||
"grafana"
|
||||
"matrix-sliding-sync"
|
||||
"matrix-synapse"
|
||||
"nextcloud"
|
||||
];
|
||||
|
||||
backupPrepareCommand = ''
|
||||
${config.services.postgresql.package}/bin/pg_dumpall --clean \
|
||||
| ${lib.getExe pkgs.gzip} --rsyncable \
|
||||
> /tmp/postgresql-dump.sql.gz
|
||||
'';
|
||||
|
||||
backupCleanupCommand = ''
|
||||
rm /tmp/postgresql-dump.sql.gz
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -1,9 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 +rZ0Tw JhqOkh+PwYHVBthp3sK8ObXpilu/Fn8sDelDyk9ShkI
|
||||
Q93HHN68Sq3g+dvPLi/uw/w6Uzsqi39rPwV8hitl1dM
|
||||
-> ssh-ed25519 CzqbPQ R+z/ARbQuV0B4fZ/f/4Z7LQCofg0VbagNymI2VkRv38
|
||||
/WEmH+UdUQ3u3IACisaYIhJ0u8fiJP/hjPd6UkN5c8k
|
||||
-> ssh-ed25519 f5VzMA FrgY7EJzi5ZtdxA8bIZZG5Q1L7Abrx0wWyVKOGreRgU
|
||||
OWTnpJl9Yt14H9tzLxFxZqksADe4fAESWQ2ebZt/vMg
|
||||
--- jjnpTS1CXY89cYNu90SL5kVJ8ddo7Twabb9TWIyaYMw
|
||||
}©<>,À<>=‹"±T/y¶Ø:߈Œ¾l‡;/°èõ¸[„jÃÐe@¸šÉe²³¬`
|
|
@ -18,7 +18,7 @@
|
|||
|
||||
backup = normalUser {
|
||||
description = "Backup";
|
||||
openssh.authorizedKeys.keys = [ keys.cube keys.enka ];
|
||||
openssh.authorizedKeys.keys = keys.all;
|
||||
hashedPasswordFile = config.secrets.floppyPassword.path;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -13,6 +13,10 @@ in systemConfiguration {
|
|||
listenAddress = "[::]";
|
||||
};
|
||||
|
||||
services.restic.backups = genAttrs config.resticHosts (_: {
|
||||
paths = [ config.mailserver.dkimKeyDirectory config.mailserver.mailDirectory ];
|
||||
});
|
||||
|
||||
mailserver = enabled {
|
||||
fqdn = mkDefault fqdn;
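Review bot: The `paths` list sends `config.mailserver.dkimKeyDirectory` to every host in `config.resticHosts`, which places the DKIM private signing keys next to the mailboxes in each repository. If that is intended, say so on the line with a comment such as `# dkimKeyDirectory holds private signing keys; kept in the backup on purpose`, so a later reader knows the exposure is deliberate. The repository and password settings are defined outside this hunk, so who can decrypt these snapshots cannot be judged from here.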
|
||||
|
||||
|
|
|
@ -15,6 +15,12 @@
|
|||
openssh.authorizedKeys.keys = [ keys.enka ];
|
||||
hashedPasswordFile = config.secrets.sevenPassword.path;
|
||||
};
|
||||
|
||||
backup = normalUser {
|
||||
description = "Backup";
|
||||
openssh.authorizedKeys.keys = keys.all;
|
||||
hashedPasswordFile = config.secrets.sevenPassword.path;
|
||||
};
|
||||
};
|
||||
|
||||
services.openssh.hostKeys = [{
|
||||
|
|